This page describes how to configure Forseti after it’s set up. Forseti configurations are global and module-specific settings such as the following:
G Suite admin account, and email recipients. This section is currently not being used so there is no need to configure.
inventory
: configurations that are used
only by Forseti Inventory, such as
api quota usage and inventory purge option.scanner
: configurations that are used
only by Forseti Scanner, such as
specifying which scanners to enable.notifier
: configurations that are used
only by Forseti Notifier, such as
specifying which notifications to enable.Configurations are centrally maintained in the
forseti-security/configs/server/forseti_server_conf.yaml
file that’s organized into
module-specific sections.
To set up your configuration, you’ll edit
forseti_server_conf.yaml.sample
and save it as forseti_server_conf.yaml
. For convenience, you can maintain different
versions of this file to support multiple configurations of Forseti.
forseti_server_conf_prod.yaml
forseti_server_conf_staging.yaml
If you are running Forseti on Google Cloud Platform (GCP), copy your edited forseti_server_conf.yaml to your Forseti Cloud Storage bucket. When Forseti runs again (via cronjob), it will execute a script that downloads the latest conf and rules files.
Use the following commands to copy your conf and rules files to Cloud Storage:
gsutil cp configs/forseti_conf.yaml gs://YOUR_FORSETI_GCS_BUCKET/configs/server/forseti_server_conf.yaml
Learn how to manually reload the server configuration.